General
-
Target
24241ed2e4755e688b2064771ab790fcfec4bfdd5aa2424d816187a60192f6c8
-
Size
689KB
-
Sample
230404-2fdnfaad77
-
MD5
276eb289493c95836c81d6bea8058383
-
SHA1
f4ae220b769d71c5eccdcbdc3f06ea09844d2747
-
SHA256
24241ed2e4755e688b2064771ab790fcfec4bfdd5aa2424d816187a60192f6c8
-
SHA512
56094cce0778c472e181ba94a25bd84b2f5607899290540ef508a1180dd78a5f6001f5452de735d731ca124bcf31212944b578b8b7ab6b57181eca14a6c165b8
-
SSDEEP
12288:kMrxy90iqQxuhwJBPSqcF2lN5hGIqOzTK2Ike1bcbVq6od189X5d:1yNHxuWjlcFO5k+zTKfke1bsx
Static task
static1
Behavioral task
behavioral1
Sample
24241ed2e4755e688b2064771ab790fcfec4bfdd5aa2424d816187a60192f6c8.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
zima
176.113.115.145:4125
-
auth_value
2ef701d510c0d27e8a8e3270281678b1
Targets
-
-
Target
24241ed2e4755e688b2064771ab790fcfec4bfdd5aa2424d816187a60192f6c8
-
Size
689KB
-
MD5
276eb289493c95836c81d6bea8058383
-
SHA1
f4ae220b769d71c5eccdcbdc3f06ea09844d2747
-
SHA256
24241ed2e4755e688b2064771ab790fcfec4bfdd5aa2424d816187a60192f6c8
-
SHA512
56094cce0778c472e181ba94a25bd84b2f5607899290540ef508a1180dd78a5f6001f5452de735d731ca124bcf31212944b578b8b7ab6b57181eca14a6c165b8
-
SSDEEP
12288:kMrxy90iqQxuhwJBPSqcF2lN5hGIqOzTK2Ike1bcbVq6od189X5d:1yNHxuWjlcFO5k+zTKfke1bsx
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-